Soft computing techniques for intrusion detection

The main goals of this research are to define a set of data mining techniques based on soft computing concepts and to define a mechanism for integrating them to solve the problem of intrusion detection. This research investigates three different soft data mining techniques: Genetic Fuzzy Rule Based Classifiers (GFRBC), Fuzzy Self/Non-self Discrimination (FD) based on Artificial Immune Systems (AIS), and fuzzy clustering based on gravitational concepts. First, a general framework for GFRBC that combines fuzzy logic, evolutionary algorithms and class binarization concepts is developed. Two fuzzy class binarizations are introduced, a generic encoding scheme that includes fuzzy set tuning is proposed, a set of genetic operators for variable-length chromosomes is defined, and a fitness function is developed. In order to reduce the number of parameters required by the evolutionary algorithm, a hybrid adaptive evolutionary algorithm (HAEA) is developed. It adapts the operator rates while searching for the solution. Next, a fuzzy self/non-self discrimination technique based on AIS that uses the framework of GFRBC is proposed. In order to evolve multiple fuzzy rule detectors, a notion of distance between fuzzy rules is proposed and a niching technique for HAEA is developed. Then, a clustering technique based on gravitational concepts is developed. This technique is robust (deals with noise) and unsupervised (determines the number of clusters automatically). It is extended in such a way that some parameters can be removed, other interaction functions can be used, and fuzzy analysis can be performed. Finally, an integration and boosting technique is developed. This technique is based on the concept of coupled map lattices. Since each technique generates a fuzzy level of normalcy (membership to some class, in general), the proposed techniques are considered sites (cells) in the coupled map lattice.
Experiments with machine learning data sets suggest that each technique performs well. The results also indicate that the boosted approach performs better than the original techniques and is more robust to damage.
